-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: jackson-databind
Version: 2.4.2-2+deb8u11
CVE ID : CVE-2019-20330 CVE-2020-8840
It was found that jackson-databind, a Java library used to parse JSON and
other data formats, could deserialize data without proper
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Package: python-reportlab
Version: 3.1.8-3+deb8u2
CVE ID : CVE-2019-17626
Debian Bug : 942763
It was found that ReportLab, a Python library to create PDF documents,
did not properly parse color strings, allowing an